February 7, 2024

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

February 7, 2024

What we know so far

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), along with international partners, warn that the People's Republic of China (PRC) state-sponsored cyber group known as Volt Typhoon is targeting U.S. critical infrastructure across several sectors, including Communications, Energy, Transportation Systems, and Water and Wastewater Systems. These actors are pre-positioning themselves within IT networks, potentially for disruptive or destructive cyberattacks in the event of a crisis or conflict with the United States. Volt Typhoon uses sophisticated techniques, including leveraging valid accounts and living off the land (LOTL) tactics, to maintain long-term, undetected access and are capable of moving laterally to operational technology (OT) assets to disrupt functions. The advisory urges critical infrastructure organizations to apply recommended mitigations to disrupt Volt Typhoon's access and reduce the threat.

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories